Public bug reported:

I can create an aarch64 VM but when I go to start the VM I see this
error:

$ virsh start legal-coyote
error: Failed to start domain legal-coyote
error: internal error: cannot load AppArmor profile 
'libvirt-9728b707-1f47-4cd7-a4ca-6eddf5d98d04'

This was on a brand new Ubuntu 16.04.4 install.  Below are the steps
that were executed, including what produced the error, as well as some
system information.

1. $ sudo apt update && sudo apt upgrade && sudo apt install emacs
libvirt-bin qemu-system-arm qemu-efi

2. Created a VM with MAAS.

3. $ virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     legal-coyote                   shut off

4. $ virsh dumpxml legal-coyote
<domain type='kvm'>
  <!-- Domain definition as printed by `virsh dumpxml legal-coyote`. -->
  <name>legal-coyote</name>
  <!-- The AppArmor profile named in the virsh error is "libvirt-" followed by this UUID. -->
  <uuid>9728b707-1f47-4cd7-a4ca-6eddf5d98d04</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='aarch64' machine='virt'>hvm</type>
    <loader readonly='yes' type='pflash'>
      /usr/share/AAVMF/AAVMF_CODE.fd
    </loader>
    <!-- NOTE(review): nvram names the packaged file under /usr/share/AAVMF itself rather than
         a per-guest copy; nvram is the guest's writable variable store, so confirm this path
         is what MAAS intended. -->
    <nvram>/usr/share/AAVMF/AAVMF_VARS.fd</nvram>
    <boot dev='network'/>
    <boot dev='hd'/>
  </os>
  <features>
    <gic version='3'/>
  </features>
  <cpu mode='host-passthrough'/>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-aarch64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <!-- This image path is the file that the dmesg audit lines show virt-aa-helper being
           denied read access to (apparmor="DENIED", requested_mask="r"). -->
      <source 
file='/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b'/>
      <target dev='vda' bus='virtio'/>
      <address type='virtio-mmio'/>
    </disk>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='dmi-to-pci-bridge'>
      <model name='i82801b11-bridge'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' 
function='0x0'/>
    </controller>
    <controller type='pci' index='2' model='pci-bridge'>
      <model name='pci-bridge'/>
      <target chassisNr='2'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x01' 
function='0x0'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:42:7e:02'/>
      <source network='default'/>
      <model type='virtio'/>
      <address type='virtio-mmio'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
  </devices>
</domain>

5. $ virsh start legal-coyote
error: Failed to start domain legal-coyote
error: internal error: cannot load AppArmor profile 
'libvirt-9728b707-1f47-4cd7-a4ca-6eddf5d98d04'

6. Checking dmesg (AppArmor denies virt-aa-helper read access to /proc/<pid>/auxv and to the MAAS disk image):
[  726.425389] virbr0: port 1(virbr0-nic) entered listening state
[  726.425419] virbr0: port 1(virbr0-nic) entered listening state
[  727.959553] virbr0: port 1(virbr0-nic) entered disabled state
[  896.933127] audit: type=1400 audit(1526946784.127:18): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  896.933169] audit: type=1400 audit(1526946784.127:19): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  896.933846] audit: type=1400 audit(1526946784.127:20): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  896.933890] audit: type=1400 audit(1526946784.127:21): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  896.937130] audit: type=1400 audit(1526946784.131:22): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b" 
pid=9083 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  943.086388] audit: type=1400 audit(1526946830.280:23): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  943.086429] audit: type=1400 audit(1526946830.280:24): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  943.087171] audit: type=1400 audit(1526946830.280:25): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  943.087214] audit: type=1400 audit(1526946830.280:26): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[  943.090417] audit: type=1400 audit(1526946830.284:27): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b" 
pid=9174 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

7. $ dpkg -l | grep libvirt
ii  libvirt-bin                      1.3.1-1ubuntu10.23                         
arm64        programs for the libvirt library
ii  libvirt0:arm64                   1.3.1-1ubuntu10.23                         
arm64        library for interfacing with different virtualization systems

8. $ dpkg -l | grep qemu
ii  ipxe-qemu                        1.0.0+git-20150424.a25a16d-1ubuntu1.2      
all          PXE boot firmware - ROM images for qemu
ii  qemu-block-extra:arm64           1:2.5+dfsg-5ubuntu10.29                    
arm64        extra block backend modules for qemu-system and qemu-utils
ii  qemu-efi                         0~20160408.ffea0a2c-2                      
all          UEFI firmware for virtual machines
ii  qemu-system-arm                  1:2.5+dfsg-5ubuntu10.29                    
arm64        QEMU full system emulation binaries (arm)
ii  qemu-system-common               1:2.5+dfsg-5ubuntu10.29                    
arm64        QEMU full system emulation binaries (common files)
ii  qemu-utils                       1:2.5+dfsg-5ubuntu10.29                    
arm64        QEMU utilities

9. $ dpkg -l | grep apparmor
ii  apparmor                         2.10.95-0ubuntu2.9                         
arm64        user-space parser utility for AppArmor
ii  libapparmor-perl                 2.10.95-0ubuntu2.9                         
arm64        AppArmor library Perl bindings
ii  libapparmor1:arm64               2.10.95-0ubuntu2.9                         
arm64        changehat AppArmor library

10. $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:        16.04
Codename:       xenial

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1772538

Title:
  Can't start arm64 VM due to apparmor error.

Status in apparmor package in Ubuntu:
  New
Status in libvirt package in Ubuntu:
  New

Bug description:
  I can create an aarch64 VM but when I go to start the VM I see this
  error:

  $ virsh start legal-coyote
  error: Failed to start domain legal-coyote
  error: internal error: cannot load AppArmor profile 
'libvirt-9728b707-1f47-4cd7-a4ca-6eddf5d98d04'

  This was on a brand new Ubuntu 16.04.4 install.  Below are the steps
  that were executed, including what produced the error, as well as
  some system information.

  1. $ sudo apt update && sudo apt upgrade && sudo apt install emacs
  libvirt-bin qemu-system-arm qemu-efi

  2. Created a VM with MAAS.

  3. $ virsh list --all
   Id    Name                           State
  ----------------------------------------------------
   -     legal-coyote                   shut off

  4. $ virsh dumpxml legal-coyote
  <domain type='kvm'>
    <!-- Domain definition as printed by `virsh dumpxml legal-coyote`. -->
    <name>legal-coyote</name>
    <!-- The AppArmor profile named in the virsh error is "libvirt-" followed by this UUID. -->
    <uuid>9728b707-1f47-4cd7-a4ca-6eddf5d98d04</uuid>
    <memory unit='KiB'>1048576</memory>
    <currentMemory unit='KiB'>1048576</currentMemory>
    <vcpu placement='static'>1</vcpu>
    <os>
      <type arch='aarch64' machine='virt'>hvm</type>
      <loader readonly='yes' type='pflash'>
        /usr/share/AAVMF/AAVMF_CODE.fd
      </loader>
      <!-- NOTE(review): nvram names the packaged file under /usr/share/AAVMF itself rather than
           a per-guest copy; nvram is the guest's writable variable store, so confirm this path
           is what MAAS intended. -->
      <nvram>/usr/share/AAVMF/AAVMF_VARS.fd</nvram>
      <boot dev='network'/>
      <boot dev='hd'/>
    </os>
    <features>
      <gic version='3'/>
    </features>
    <cpu mode='host-passthrough'/>
    <clock offset='utc'/>
    <on_poweroff>destroy</on_poweroff>
    <on_reboot>restart</on_reboot>
    <on_crash>restart</on_crash>
    <devices>
      <emulator>/usr/bin/qemu-system-aarch64</emulator>
      <disk type='file' device='disk'>
        <driver name='qemu' type='raw'/>
        <!-- This image path is the file that the dmesg audit lines show virt-aa-helper being
             denied read access to (apparmor="DENIED", requested_mask="r"). -->
        <source 
file='/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b'/>
        <target dev='vda' bus='virtio'/>
        <address type='virtio-mmio'/>
      </disk>
      <controller type='pci' index='0' model='pcie-root'/>
      <controller type='pci' index='1' model='dmi-to-pci-bridge'>
        <model name='i82801b11-bridge'/>
        <address type='pci' domain='0x0000' bus='0x00' slot='0x01' 
function='0x0'/>
      </controller>
      <controller type='pci' index='2' model='pci-bridge'>
        <model name='pci-bridge'/>
        <target chassisNr='2'/>
        <address type='pci' domain='0x0000' bus='0x01' slot='0x01' 
function='0x0'/>
      </controller>
      <interface type='network'>
        <mac address='52:54:00:42:7e:02'/>
        <source network='default'/>
        <model type='virtio'/>
        <address type='virtio-mmio'/>
      </interface>
      <serial type='pty'>
        <target port='0'/>
      </serial>
      <console type='pty'>
        <target type='serial' port='0'/>
      </console>
    </devices>
  </domain>

  5. $ virsh start legal-coyote
  error: Failed to start domain legal-coyote
  error: internal error: cannot load AppArmor profile 
'libvirt-9728b707-1f47-4cd7-a4ca-6eddf5d98d04'

  6. Checking dmesg (AppArmor denies virt-aa-helper read access to /proc/<pid>/auxv and to the MAAS disk image):
  [  726.425389] virbr0: port 1(virbr0-nic) entered listening state
  [  726.425419] virbr0: port 1(virbr0-nic) entered listening state
  [  727.959553] virbr0: port 1(virbr0-nic) entered disabled state
  [  896.933127] audit: type=1400 audit(1526946784.127:18): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  896.933169] audit: type=1400 audit(1526946784.127:19): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  896.933846] audit: type=1400 audit(1526946784.127:20): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  896.933890] audit: type=1400 audit(1526946784.127:21): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9083/auxv" pid=9083 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  896.937130] audit: type=1400 audit(1526946784.131:22): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b" 
pid=9083 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  [  943.086388] audit: type=1400 audit(1526946830.280:23): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  943.086429] audit: type=1400 audit(1526946830.280:24): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  943.087171] audit: type=1400 audit(1526946830.280:25): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  943.087214] audit: type=1400 audit(1526946830.280:26): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/proc/9174/auxv" pid=9174 comm="virt-aa-helper" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
  [  943.090417] audit: type=1400 audit(1526946830.284:27): apparmor="DENIED" 
operation="open" profile="/usr/lib/libvirt/virt-aa-helper" 
name="/var/lib/libvirt/maas-images/796e5e0f-ab62-4e44-8189-bbc754635e0b" 
pid=9174 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  7. $ dpkg -l | grep libvirt
  ii  libvirt-bin                      1.3.1-1ubuntu10.23                       
  arm64        programs for the libvirt library
  ii  libvirt0:arm64                   1.3.1-1ubuntu10.23                       
  arm64        library for interfacing with different virtualization systems

  8. $ dpkg -l | grep qemu
  ii  ipxe-qemu                        1.0.0+git-20150424.a25a16d-1ubuntu1.2    
  all          PXE boot firmware - ROM images for qemu
  ii  qemu-block-extra:arm64           1:2.5+dfsg-5ubuntu10.29                  
  arm64        extra block backend modules for qemu-system and qemu-utils
  ii  qemu-efi                         0~20160408.ffea0a2c-2                    
  all          UEFI firmware for virtual machines
  ii  qemu-system-arm                  1:2.5+dfsg-5ubuntu10.29                  
  arm64        QEMU full system emulation binaries (arm)
  ii  qemu-system-common               1:2.5+dfsg-5ubuntu10.29                  
  arm64        QEMU full system emulation binaries (common files)
  ii  qemu-utils                       1:2.5+dfsg-5ubuntu10.29                  
  arm64        QEMU utilities

  9. $ dpkg -l | grep apparmor
  ii  apparmor                         2.10.95-0ubuntu2.9                       
  arm64        user-space parser utility for AppArmor
  ii  libapparmor-perl                 2.10.95-0ubuntu2.9                       
  arm64        AppArmor library Perl bindings
  ii  libapparmor1:arm64               2.10.95-0ubuntu2.9                       
  arm64        changehat AppArmor library

  10. $ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 16.04.4 LTS
  Release:      16.04
  Codename:     xenial
